git.ipfire.org Git - thirdparty/openvpn.git/commit
Make tls_version_max return the actual maximum version
author Arne Schwabe <arne@rfc2549.org>
Fri, 22 Nov 2019 14:33:14 +0000 (15:33 +0100)
committer Gert Doering <gert@greenie.muc.de>
Wed, 4 Dec 2019 15:23:01 +0000 (16:23 +0100)
commit 6328aef94a748bd9859ae5cd264b7e50fbb8a325
tree 7c10a9e717a41e83fb5a30d5c2ee33c529982bb2
parent 424956dc1ec4d85897c41c82d0f3a315799826c2
Make tls_version_max return the actual maximum version

Before OpenSSL 1.1.1 there could be no mismatch between
compiled and actual OpenSSL version. With OpenSSL 1.1.1 we need
runtime detection to detect the actual best TLS version supported.

Allowing this runtime detection also allows removing some of the
TLS 1.3/OpenSSL 1.1.1 #ifdefs

Without this patch tls-min-version 1.3 or-highest will actually
downgrade to TLS 1.2 in the "compiled with 1.1.0 and linked against
1.1.1" scenario.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20191122143315.8564-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19186.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl.c
src/openvpn/ssl_openssl.c
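
The mismatch the commit message describes, as an added example that is not OpenVPN's code: a simplified model in which the caller chooses which OpenSSL version number is consulted (the build-time one, or the one of the library actually loaded). The function names, the version ranks and the or-highest fallback rule are assumptions of this example; only the OpenSSL version number encoding is taken from OpenSSL itself.

```c
#include <stdio.h>
#include <string.h>

/* TLS version ranks; names are this example's own, not OpenVPN's. */
enum { VER_BAD, VER_1_0, VER_1_1, VER_1_2, VER_1_3 };
static const char *ver_names[] = { "bad", "1.0", "1.1", "1.2", "1.3" };

/* OpenSSL version numbers use the 0xMNNFFPPS layout. */
#define OSSL_1_1_0 0x1010000fL /* 1.1.0 release */
#define OSSL_1_1_1 0x1010100fL /* 1.1.1 release, first with TLS 1.3 */

/* Maximum TLS version implied by one OpenSSL version number. Passing the
 * build-time number models a compile-time-only check; passing the number
 * of the loaded library models runtime detection. */
static int max_for(long openssl_version)
{
    return openssl_version >= OSSL_1_1_1 ? VER_1_3 : VER_1_2;
}

/* Assumed "or-highest" semantics: a minimum above the believed maximum is
 * replaced by that maximum; without or-highest it is rejected. */
static int resolve_min(const char *want, int or_highest, int max)
{
    for (int v = VER_1_0; v <= max; v++)
        if (strcmp(want, ver_names[v]) == 0)
            return v;
    return or_highest ? max : VER_BAD;
}

/* Effective minimum for "1.3 or-highest" given which number is consulted. */
static int min_13_or_highest(long consulted_version)
{
    return resolve_min("1.3", 1, max_for(consulted_version));
}

int main(void)
{
    /* Constructed scenario: built against 1.1.0, linked against 1.1.1. */
    long built = OSSL_1_1_0, linked = OSSL_1_1_1;
    printf("compile-time check: minimum TLS %s\n",
           ver_names[min_13_or_highest(built)]);
    printf("runtime check:      minimum TLS %s\n",
           ver_names[min_13_or_highest(linked)]);
    return 0;
}
```

Consulting only the build-time number silently lowers the enforced floor to TLS 1.2 even though the loaded library can negotiate TLS 1.3, which is the downgrade the commit message reports.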